PRIVACY POLICY

Information Collection and Use

No personal information is collected by this site.

Cookies

This site does not use cookies.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement and GDPR policy, applies solely to information relating to Leyburn Solutions Ltd and this website.

General Data Protection Regulation (GDPR)

Retention of Company Information

Your company name, address, your name, telephone number (if supplied) and email address will be stored in our accounts system only. This information will be used for invoicing purposes only as required for the processing of our contract with you and our legal obligation to store accounting data for six years by HMRC.

The information we hold is not shared with any third parties for any purpose.

To receive copies of this data (invoices etc.) or to inform us of material changes such as an address change, email info@leyburnsolutions.com. Requests will be acknowledged within one working day and any data sent withing three working days.

To request the deletion of data through your right to be forgotten, email info@leyburnsolutions.com. Requests will be acknowledged within one working day and data deleted, subject to our legal obligations to retain data for HMRC, as soon as possible thereafter with documentation of what was deleted provided to you.

E-Mails

Leyburn Solutions Ltd. sends no marketing emails, the only emails that we send will relate directly to the service we are providing for you or in direct response to queries received.

E-mails relating to work carried out for you will be kept, in line with our accounting records, for six years.

Processing and Retention of Sage Data

The very nature of the services that we provide mean that you may well be required to send us a backup of your Sage data. Our preferred method for you sending this to us is via the use of a secure upload platform such as Dropbox (we can create a secure folder for you and send a link if required) or WeTransfer or by providing us with a link to the backup file on your own servers.

If you require us to sign a Non Disclosure Agreement (NDA) before dealing with your data, we are more than happy to do so and any data received will, of course, be treat in the strictest confidence.

When data is received, it will be restored in to the relevant version of Sage on an encrypted local hard drive and will be retained only for as long as it takes the service we are providing to be completed.

Once work is complete, we will upload a backup of the data to Dropbox and send you a link (to the email address used to contact us) to download the backup. At this point in the process, your data will be permanently deleted from our internal systems.

The backup of your data will be retained on Dropbox until you inform us that you have downloaded and restored it to your copy of Sage. If you do not inform us that the data has been restored, the backup will automatically be deleted from Dropbox seven days after it was uploaded.

Data Breach Within Our Own Internal Systems

The immediate priority is to identify and isolate the breach by locking down all systems and resetting all system passwords. We would then check the logs to see if any client data had been accessed as a result of the breach.

We would notify all clients of the breach, explaining what had happened and what steps we had taken to prevent future occurrence.

If we detected that any client data had been accessed as a result of the breach, then we would notify them and recommend that passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.

In the event that client data had been accessed as a result of the breach of our system, we would then report the breach to the relevant authorities within 72 hours as per the GDPR requirements.